Data Privacy Notice

OASIS WEALTH MANAGEMENT LTD

Data Privacy Notice

1.   INTRODUCTION           

Your privacy is very important to us, and it is our policy to safeguard and respect the confidentiality of your personal data.  This Privacy Policy explains what types of personal data we collect from our clients and prospective clients and how we use your personal data, when and with whom we share it and how we will keep it safe. It also details your rights in respect of our processing of your personal information and how you may exercise them.

Our Privacy Notice is reviewed regularly, and it is important that you check this Notice for any updates. Any personal information we hold will be governed by our most current privacy notice.

Please note that this notice is addressed to customers and potential customers. If you are an employee, a contractor t or a third-party service provider, your personal information will be used in connection with your employment contract, your contractual relationship or in accordance with our separate policies which are available by contacting us.

2.   WHO ARE WE?   

Oasis Wealth Management Ltd “Oasis” is a licensed UCITS Management Company, regulated by the Cyprus Securities and exchange Commission (CySEC) under license number 7/78/2012. We are authorised also to provide the MIFID services of investment advice and portfolio management.

The registered office of Oasis Wealth Management Ltd is situated at 23 Stasinou Street, 1st Floor, Office 101, 2404 Egkomi, Nicosia, Cyprus and its business head office is at 11A Antheon str., 4520, Parekklisia, Limassol, Cyprus.

3.   WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT AND STORE?

In order to invest in any of the UCITS fund managed by us or to provide you with MIFID services we reserve the right to collect the following personal data both at the initiation and during our business relationship:

  • name, surname and contact details
  • Identification documents number and Tax ID number
  • date of birth and gender
  • information about your income and wealth including details about your assets and liabilities, account balances, trading statements, tax and financial statements
  • profession and employment details
  • knowledge and experience in investments in financial instruments, personal information to assess your risk capability and risk tolerance
  • Bank account details
  • Passport or national identity card and utility bills

 

We obtain this information through dedicated forms that you will be required to fill out and through electronic communication and face to face meetings.

If you are a corporate client, we are required to collect additional information such as corporate documents of address, shareholders, directors, officers including additional personal information on the Shareholders and Directors. We have the right to ask any additional information we deem necessary to be compliant with our legal and regulatory requirements.

We also keep records of the following personal data:

  • UCITS subscriptions and redemptions and the related financial transactions
  • Transactions and trades related to the portfolio management service
  • Investment advice reports provided to you
  • Email communications

 

4.   WHO MAY WE DISCLOSE PERSONAL INFORMATION TO?

As part of using your personal information for the purposes set out above, we may disclose your information to:

  • service providers and specialist advisers who have been contracted to provide us with services such as administrative, IT, analytics and online marketing optimization, financial, regulatory, compliance or other services;
  • Payment service providers and banks processing your transactions;
  • auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes;
  • courts, tribunals and applicable regulatory authorities
  • government bodies and law enforcement agencies where required by law and in response to other legal and regulatory requests;
  • any third-party where such disclosure is required in order to enforce or apply our Terms and Conditions of Service or other relevant agreements;
  • anyone authorised by you.

 

We endeavour to disclose to these third parties only the minimum personal data that is required to perform their contractual obligations to us. Our third-party service providers are not permitted to share or use personal data we make available to them for any other purpose than to provide services to us.

5.   WHEN AND HOW DO WE OBTAIN YOUR CONSENT?      

We may process your personal data for one or more lawful bases of processing (“Lawful Basis”) depending on the specific purpose for which we are using your data.

The Lawful basis are the following:

  • to perform our contractual obligations towards you
  • to be compliant with the legal and regulatory requirements
  • to pursue our legitimate interests

 

Where our use of your personal information does not fall under one of these three Lawful basis, we require your consent.  Such consent shall be freely given by you, and you have the right to withdraw your consent at any time by contacting us using the contact details set out in this privacy notice or by unsubscribing from email lists.

 

We may use personal data provided by you to communicate with you for marketing promotional purposes. The channels used for such communications may include calling you or sending emails. You have the right to opt out by sending an email to our DPO, at XXX using the registered email address you disclosed to us.

6.   MANAGEMENT OF PERSONAL INFORMATION   

We are committed to safeguarding and protecting personal data and implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect any personal data provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

We have appointed a Data Protection Officer to ensure that our management of personal information is in accordance with this privacy notice and the applicable legislation.

In brief, the data protection measures we have in place are the following:

  • we train our employees who handle personal information to respect the confidentiality of customer information and the privacy of individuals;
  • requiring our employees to use passwords when accessing our systems;
  • we apply Chinese walls and employees only have access to the personal data required for the purposes of the tasks they handle;
  • employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses entering our systems;
  • using dedicated secure networks or encryption when we transmit electronic data;
  • practising a clean desk policy in all premises occupied by us and our related bodies corporate and providing secure storage for physical records;

 

7.   HOW DO WE STORE PERSONAL INFORMATION, FOR HOW LONG AND WHERE WE MAY TRANSFER IT?

We primarily hold personal information with reputable cloud data centres.

When we consider that personal information is no longer needed, we will remove any details that will identify you or we will securely destroy the records.

However, we may need to maintain records for a significant period of time. For example, we are subject to laws and regulations which require us to retain copies and evidence of the actions taken by us in regard to your identity verification, sources of incomes and wealth, maintain records of your financial transactions and monitor them, maintain records of telephone, chat and email communications, payment instructions, orders and trades history, handling of your complaints and records that can demonstrate that we have acted in line with regulatory code of conduct throughout the business relationship. These records must be maintained for a period of six years after our business relationship with you has ended or even longer if we are asked by our Regulators or there is another valid reason.

Personal data provided by you as a prospective client where your subscription to one of our UCTS funds or application to be provided with the MIFID service was rejected by us will be maintained for six months unless there is a regulatory or other valid reason requiring us to keep it for a longer period of time.

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

When we transfer your data to other third parties outside the EEA, we may in some cases rely on applicable standard contractual clauses, the EU-US Privacy Shield or any other equivalent applicable arrangements so that to comply with regulatory obligations.

If you would like a copy of such arrangements, please contact us using the contact details below.

8.    YOUR RIGHTS                                                                   

 Please note that these rights do not apply in all circumstances. You are entitled to:

(a) request access to your personal data (commonly known as a “data subject access request”);

(b) request correction of the personal data that we hold about you;

(c) request erasure of your personal data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;

(d) object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;

(e) request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

  • if you want us to establish the data’s accuracy;
  • where our use of the data is unlawful, but you do not want us to erase it;
  • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  • you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it;

(f) request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information (i.e. not to hard copies) which you initially provided consent for us to use or where we used the information to perform a contract with you; and

(g) withdraw consent at any time where we are relying on consent to process your personal data.

You also have the right to opt out from receiving marketing communications from us by sending an email to our DPO, at m.tarabukina@oasiswealth.eu using the registered email address you disclosed to us.

If you want to exercise your rights, please contact us by email at using the registered email address you disclosed to us. We may request that you verify your identity prior to processing your request.

We try to respond to all requests within 1 (one) month. Occasionally, it may take us longer than 1 (one) month if your request is particularly complex or you have made a number of requests. In this case, we will notify you within 1 (one) month of the receipt of your request and keep you updated.

We may charge you a reasonable fee when a request is manifestly unfounded, excessive or repetitive, or we receive a request to provide further copies of the same data. In this case we will send you a fee request which you will have to accept prior to us processing your request. Alternatively, we may refuse to comply with your request in these circumstances.

9.   WHAT IF YOU HAVE A QUERY OR A COMPLAINT?        

If you have a concern about any aspect of our privacy practices, you have the right to contact us to make a query or a complaint by email at m.tarabukina@oasiswealth.eu.

We try to respond to all requests within 1 (one) month. Occasionally, it may take us longer than 1 (one) month if your request is particularly complex or you have made a number of requests. In this case, we will notify you within 1 (one) month of the receipt of your request and keep you updated.

If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with our supervisory authorities, the Cyprus Data Protection. Alternatively, you also have the right to lodge a complaint with the data protection authority of your country of residence.

You can find details about how to do this on http://www.dataprotection.gov.cy .